Don’t Let Up: Keeping Cybersecurity on the Ups Past Cybersecurity Awareness Month

By Darren Guccione, CEO and Co-founder, Keeper Security

October is widely regarded as Cybersecurity Awareness Month—and it is quickly drawing to a close. While awareness is crucial in our increasingly perilous cyber landscape, threats to both organisations and individuals are growing in scale and sophistication, which is why taking action is now paramount. Recent research indicates that 95% of IT leaders believe cyber attacks are more advanced than ever, largely due to the accessibility of AI technologies. Alarmingly, these threats will only continue to evolve.

Awareness serves as a starting point for a more cyber-secure digital world, but it is imperative for everyone to take proactive measures to protect themselves online. These measures do not  have to be monumental – often, returning to fundamental practices is the best approach.

Essential habits, such as robust password security and routine software updates, remain vital regardless of the sophistication of threats.

Strong Passwords: Simple but Critical

Password security is frequently neglected, despite being a primary entry point for cybercriminals. The importance of creating strong passwords and maintaining good password hygiene cannot be overstated. A strong password should consist of at least 16 characters, incorporating a mix of special characters, uppercase and lowercase letters and numbers, and be unique for each account. Yet, many people worldwide admit to poor password practices, such as writing them down or insecurely sharing them with others, and password reuse remains a significant issue.

In a world where individuals often juggle numerous credentials for both personal and professional use, it is no surprise that 62% of people globally feel overwhelmed by password management. This stress can lead to complacency, as remembering multiple unique and lengthy passwords can be challenging. One effective solution is to use a password manager, which can securely store passwords and generate strong, unique ones for every account. Additionally, conduct an audit of your credentials and proactively update any passwords that may be inadequate—do not wait for a breach to act.

Extra Defences: The Importance of Multi-Factor Authentication 

Cybercriminals are motivated by the ease of attacks. AI has accelerated the ability to brute force access into systems using leaked or easily guessable credentials. If an account is protected by only a weak password, or a password that has been leaked in a breach, cybercriminals can exploit it with minimal effort. This is why Multi-Factor Authentication (MFA) is essential.

While it may seem straightforward, ensuring MFA is enabled on all accounts significantly enhances security. MFA methods can include using authenticator apps or receiving one-time passwords via mobile devices each time you access an account. Many sites are beginning to require users to opt in for MFA, and several major organisations are now making it mandatory. For example, Microsoft has recently announced that MFA will be mandatory for all Azure users – an important step for cybersecurity. Review your accounts and enable MFA proactively; now is the time to prepare.

Update Your Software Regularly

Software updates are often associated with new features and capabilities, but they are also critical for security. Regular updates patch vulnerabilities and address bugs. According to research, many individuals delay updating their devices for various reasons, such as not knowing how to do it, inconvenience, concerns about performance impact or mistakenly believing that updates are unnecessary.

In reality, keeping devices updated is one of the simplest ways to maintain cybersecurity. Regularly check for updates and act immediately when they are available. Many devices offer automatic updates, so it is wise to enable this feature where possible.

Stay Alert for Phishing Attacks 

Finally, it is critical to recognise the signs of phishing emails. Research shows that phishing is the fastest-growing attack vector for organisations. AI is making it increasingly difficult to identify phishing attempts, as generative AI tools improve the crafting and targeting of malicious communications, making them appear more authentic.

To spot a phishing email, look for signs of poor grammar and spelling, hover over the sender’s name to review the email address for subtle inconsistencies, be cautious of urgent language and avoid clicking on links – though this is not an exhaustive list. Always exercise caution when engaging with unfamiliar senders. If you receive an unexpected email from a colleague requesting urgent assistance, confirm it by calling them.

Taking it one step further, reporting phishing attempts can contribute to broader community awareness of emerging threats.

And Action! 

Taking action does not have to be complex. In fact, sometimes the most effective strategy is to go back to the basics. By ensuring fundamental security practices are in place, we can build a stronger cybersecurity culture. Awareness is valuable, but action is essential.